Identity Verification and Contact Information Policy

Effective Date July 1, 2025 Policy Owner Information Technology Services (ITS)
Last Reviewed Date July 1, 2025 Approved By President's Council
Review Cycle Annual Policy Contact Information Security & Compliance Analyst

Policy Purpose

This policy establishes guidelines for the collection, use, and protection of personal mobile phone numbers and personal email addresses by New York Tech for the purpose of positively identifying end users in support of identity and access management (IAM) systems.

Policy Scope

This policy applies to all New York Tech students, faculty, staff, contractors, and guests who provide personal contact information for identity verification purposes.

Policy Statement

New York Tech may collect and use personal mobile phone numbers and personal email addresses to:

All use of personal contact information will comply with applicable federal, state and local laws and institutional policies, including the Telephone Consumer Protection Act, New York Tech's Acceptable Use, Data Security and Access Management, and Mobile Device policies.

Collection and Consent

When users provide their personal contact information, they are deemed to have consented to receiving SMS, voice, and email messages related to identity verification and authentication processes.

Use and Disclosure

Personal contact information will be used for identity verification and authentication purposes, in addition to other institutionally approved use cases. It will not be shared with third parties except as required by law or institutional policy.

New York Tech may use this information to send verification codes, identity confirmation links, or security alerts via Short Message Service (SMS), voice call or email.

Data Protection and Retention

All personal contact data will be stored securely in accordance with New York Tech's Data Security and Access Management Policy.

Access to this data is restricted to authorized personnel within ITS and is subject to audit and review.

Data will be retained only as long as necessary to fulfill its identity verification purpose and will be deleted in accordance with New York Tech's Record Retention and Destruction Policy.

Responsibilities

ITS is responsible for implementing and maintaining systems that securely handle personal contact information. Users are responsible for keeping their contact information up to date and reporting any unauthorized use.

A2P 10DLC and Telephone Consumer Protection Act Compliance

To comply with A2P 10DLC requirements, New York Tech will adhere to the following guidelines:

Related Internal Policies

Regulatory References

Violations

Violations of this policy may result in disciplinary action in accordance with New York Tech's Code of Conduct and applicable employment or academic policies.